Rewrote the comments system. (#1)
old one basically bitrotted to death, may it rinse in prosciutto Reviewed-on: #1 Co-authored-by: flashwave <me@flash.moe> Co-committed-by: flashwave <me@flash.moe>
This commit is contained in:
parent
6b2bfb726f
commit
7353553de7
66 changed files with 3320 additions and 2088 deletions
public-legacy
|
|
@ -1,213 +0,0 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
use RuntimeException;
|
||||
use Misuzu\Comments\{CommentsCategoryInfo,CommentsPostInfo};
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$redirect = filter_input(INPUT_GET, 'return') ?? $_SERVER['HTTP_REFERER'] ?? $msz->urls->format('index');
|
||||
|
||||
if(!Tools::isLocalURL($redirect))
|
||||
Template::displayInfo('Possible request forgery detected.', 403);
|
||||
|
||||
if(!CSRF::validateRequest())
|
||||
Template::displayInfo("Couldn't verify this request, please refresh the page and try again.", 403);
|
||||
|
||||
if(!$msz->authInfo->loggedIn)
|
||||
Template::displayInfo('You must be logged in to manage comments.', 403);
|
||||
|
||||
if($msz->usersCtx->hasActiveBan($msz->authInfo->userInfo))
|
||||
Template::displayInfo('You have been banned, check your profile for more information.', 403);
|
||||
|
||||
$perms = $msz->authInfo->getPerms('global');
|
||||
|
||||
$commentId = (string)filter_input(INPUT_GET, 'c', FILTER_SANITIZE_NUMBER_INT);
|
||||
$commentMode = (string)filter_input(INPUT_GET, 'm');
|
||||
$commentVote = (int)filter_input(INPUT_GET, 'v', FILTER_SANITIZE_NUMBER_INT);
|
||||
|
||||
if(!empty($commentId)) {
|
||||
try {
|
||||
$commentInfo = $msz->comments->getPost($commentId);
|
||||
} catch(RuntimeException $ex) {
|
||||
Template::displayInfo('Post not found.', 404);
|
||||
}
|
||||
|
||||
$categoryInfo = $msz->comments->getCategory(postInfo: $commentInfo);
|
||||
}
|
||||
|
||||
if($commentMode !== 'create' && empty($commentInfo))
|
||||
Template::throwError(400);
|
||||
|
||||
switch($commentMode) {
|
||||
case 'pin':
|
||||
case 'unpin':
|
||||
if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo))
|
||||
Template::displayInfo('Comment category not found.', 404);
|
||||
if(!$perms->check(Perm::G_COMMENTS_PIN) && !$categoryInfo->isOwner($msz->authInfo->userInfo))
|
||||
Template::displayInfo("You're not allowed to pin comments.", 403);
|
||||
if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo) || $commentInfo->deleted)
|
||||
Template::displayInfo("This comment doesn't exist!", 400);
|
||||
if($commentInfo->isReply)
|
||||
Template::displayInfo("You can't pin replies!", 400);
|
||||
|
||||
$isPinning = $commentMode === 'pin';
|
||||
|
||||
if($isPinning) {
|
||||
if($commentInfo->pinned)
|
||||
Template::displayInfo('This comment is already pinned.', 400);
|
||||
|
||||
$msz->comments->pinPost($commentInfo);
|
||||
} else {
|
||||
if(!$commentInfo->pinned)
|
||||
Template::displayInfo("This comment isn't pinned yet.", 400);
|
||||
|
||||
$msz->comments->unpinPost($commentInfo);
|
||||
}
|
||||
|
||||
Tools::redirect($redirect . '#comment-' . $commentInfo->id);
|
||||
break;
|
||||
|
||||
case 'vote':
|
||||
if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo))
|
||||
Template::displayInfo('Comment category not found.', 404);
|
||||
if(!$perms->check(Perm::G_COMMENTS_VOTE) && !$categoryInfo->isOwner($msz->authInfo->userInfo))
|
||||
Template::displayInfo("You're not allowed to vote on comments.", 403);
|
||||
if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo) || $commentInfo->deleted)
|
||||
Template::displayInfo("This comment doesn't exist!", 400);
|
||||
|
||||
if($commentVote > 0)
|
||||
$msz->comments->addPostPositiveVote($commentInfo, $msz->authInfo->userInfo);
|
||||
elseif($commentVote < 0)
|
||||
$msz->comments->addPostNegativeVote($commentInfo, $msz->authInfo->userInfo);
|
||||
else
|
||||
$msz->comments->removePostVote($commentInfo, $msz->authInfo->userInfo);
|
||||
|
||||
Tools::redirect($redirect . '#comment-' . $commentInfo->id);
|
||||
break;
|
||||
|
||||
case 'delete':
|
||||
if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo))
|
||||
Template::displayInfo('Comment category not found.', 404);
|
||||
|
||||
$canDelete = $perms->check(Perm::G_COMMENTS_DELETE_OWN | Perm::G_COMMENTS_DELETE_ANY);
|
||||
if(!$canDelete && !$categoryInfo->isOwner($msz->authInfo->userInfo))
|
||||
Template::displayInfo("You're not allowed to delete comments.", 403);
|
||||
|
||||
$canDeleteAny = $perms->check(Perm::G_COMMENTS_DELETE_ANY);
|
||||
if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo) || $commentInfo->deleted)
|
||||
Template::displayInfo(
|
||||
$canDeleteAny ? 'This comment is already marked for deletion.' : "This comment doesn't exist.",
|
||||
400
|
||||
);
|
||||
|
||||
$isOwnComment = $commentInfo->userId === $msz->authInfo->userInfo->id;
|
||||
$isModAction = $canDeleteAny && !$isOwnComment;
|
||||
|
||||
if(!$isModAction && !$isOwnComment)
|
||||
Template::displayInfo("You're not allowed to delete comments made by others.", 403);
|
||||
|
||||
$msz->comments->deletePost($commentInfo);
|
||||
|
||||
if($isModAction) {
|
||||
$msz->createAuditLog('COMMENT_ENTRY_DELETE_MOD', [
|
||||
$commentInfo->id,
|
||||
$commentUserId = $commentInfo->userId,
|
||||
'<username>',
|
||||
]);
|
||||
} else {
|
||||
$msz->createAuditLog('COMMENT_ENTRY_DELETE', [$commentInfo->id]);
|
||||
}
|
||||
|
||||
Tools::redirect($redirect);
|
||||
break;
|
||||
|
||||
case 'restore':
|
||||
if(!$perms->check(Perm::G_COMMENTS_DELETE_ANY))
|
||||
Template::displayInfo("You're not allowed to restore deleted comments.", 403);
|
||||
|
||||
if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo))
|
||||
Template::displayInfo("This comment is probably nuked already.", 404);
|
||||
if(!$commentInfo->deleted)
|
||||
Template::displayInfo("This comment isn't in a deleted state.", 400);
|
||||
|
||||
$msz->comments->restorePost($commentInfo);
|
||||
|
||||
$msz->createAuditLog('COMMENT_ENTRY_RESTORE', [
|
||||
$commentInfo->id,
|
||||
$commentUserId = $commentInfo->userId,
|
||||
'<username>',
|
||||
]);
|
||||
|
||||
Tools::redirect($redirect . '#comment-' . $commentInfo->id);
|
||||
break;
|
||||
|
||||
case 'create':
|
||||
if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo))
|
||||
Template::displayInfo('Comment category not found.', 404);
|
||||
if(!$perms->check(Perm::G_COMMENTS_CREATE) && !$categoryInfo->isOwner($msz->authInfo->userInfo))
|
||||
Template::displayInfo("You're not allowed to post comments.", 403);
|
||||
if(empty($_POST['comment']) || !is_array($_POST['comment']))
|
||||
Template::displayInfo('Missing data.', 400);
|
||||
|
||||
try {
|
||||
$categoryId = isset($_POST['comment']['category']) && is_string($_POST['comment']['category'])
|
||||
? (int)$_POST['comment']['category']
|
||||
: 0;
|
||||
$categoryInfo = $msz->comments->getCategory(categoryId: (string)$categoryId);
|
||||
} catch(RuntimeException $ex) {
|
||||
Template::displayInfo("This comment category doesn't exist.", 404);
|
||||
}
|
||||
|
||||
$canLock = $perms->check(Perm::G_COMMENTS_LOCK);
|
||||
if($categoryInfo->locked && !$canLock)
|
||||
Template::displayInfo('This comment category has been locked.', 403);
|
||||
|
||||
$commentText = !empty($_POST['comment']['text']) && is_string($_POST['comment']['text']) ? $_POST['comment']['text'] : '';
|
||||
$commentReply = (string)(!empty($_POST['comment']['reply']) && is_string($_POST['comment']['reply']) ? (int)$_POST['comment']['reply'] : 0);
|
||||
$commentLock = !empty($_POST['comment']['lock']) && $canLock;
|
||||
$commentPin = !empty($_POST['comment']['pin']) && $perms->check(Perm::G_COMMENTS_PIN);
|
||||
|
||||
if($commentLock) {
|
||||
if($categoryInfo->locked)
|
||||
$msz->comments->unlockCategory($categoryInfo);
|
||||
else
|
||||
$msz->comments->lockCategory($categoryInfo);
|
||||
}
|
||||
|
||||
if(strlen($commentText) > 0) {
|
||||
$commentText = preg_replace("/[\r\n]{2,}/", "\n", $commentText);
|
||||
} else {
|
||||
if($canLock)
|
||||
Template::displayInfo('The action has been processed.', 400);
|
||||
else
|
||||
Template::displayInfo('Your comment is too short.', 400);
|
||||
}
|
||||
|
||||
if(mb_strlen($commentText) > 5000)
|
||||
Template::displayInfo('Your comment is too long.', 400);
|
||||
|
||||
if($commentReply > 0) {
|
||||
try {
|
||||
$parentInfo = $msz->comments->getPost($commentReply);
|
||||
} catch(RuntimeException $ex) {}
|
||||
|
||||
if(!isset($parentInfo) || !($parentInfo instanceof CommentsPostInfo) || $parentInfo->deleted)
|
||||
Template::displayInfo('The comment you tried to reply to does not exist.', 404);
|
||||
}
|
||||
|
||||
$commentInfo = $msz->comments->createPost(
|
||||
$categoryInfo,
|
||||
$parentInfo ?? null,
|
||||
$msz->authInfo->userInfo,
|
||||
$commentText,
|
||||
$commentPin
|
||||
);
|
||||
|
||||
Tools::redirect($redirect . '#comment-' . $commentInfo->id);
|
||||
break;
|
||||
|
||||
default:
|
||||
Template::displayInfo('Not found.', 404);
|
||||
}
|
||||
|
|
@ -318,7 +318,7 @@ if($isEditing) {
|
|||
$profileStats = new stdClass;
|
||||
$profileStats->forum_topic_count = $msz->forumCtx->countTotalUserTopics($userInfo);
|
||||
$profileStats->forum_post_count = $msz->forumCtx->countTotalUserPosts($userInfo);
|
||||
$profileStats->comments_count = $msz->comments->countPosts(userInfo: $userInfo, deleted: false);
|
||||
$profileStats->comments_count = $msz->commentsCtx->posts->countPosts(userInfo: $userInfo, deleted: false);
|
||||
|
||||
if(!$viewingAsGuest) {
|
||||
Template::set('profile_warnings', iterator_to_array($msz->usersCtx->warnings->getWarningsWithDefaultBacklog($userInfo)));
|
||||
|
|
|
|||
|
|
@ -140,7 +140,7 @@ if(isset($_POST['action']) && is_string($_POST['action'])) {
|
|||
$tmpFiles[] = db_to_zip($archive, $userInfo, 'forum_topics_track', ['user_id:s', 'topic_id:s', 'forum_id:s', 'track_last_read:t']);
|
||||
$tmpFiles[] = db_to_zip($archive, $userInfo, 'login_attempts', ['attempt_id:s', 'user_id:s:n', 'attempt_success:b', 'attempt_remote_addr:a', 'attempt_country:s', 'attempt_created:t', 'attempt_user_agent:s']);
|
||||
$tmpFiles[] = db_to_zip($archive, $userInfo, 'messages', ['msg_id:s', 'msg_owner_id:s', 'msg_author_id:s:n', 'msg_recipient_id:s:n', 'msg_reply_to:s:n', 'msg_title:s', 'msg_body:s', 'msg_body_format:s', 'msg_created:t', 'msg_sent:t:n', 'msg_read:t:n', 'msg_deleted:t:n'], 'msg_owner_id');
|
||||
$tmpFiles[] = db_to_zip($archive, $userInfo, 'news_posts', ['post_id:s', 'category_id:s', 'user_id:s:n', 'comment_section_id:s:n', 'post_featured:b', 'post_title:s', 'post_text:s', 'post_scheduled:t', 'post_created:t', 'post_updated:t', 'post_deleted:t:n']);
|
||||
$tmpFiles[] = db_to_zip($archive, $userInfo, 'news_posts', ['post_id:s', 'category_id:s', 'user_id:s:n', 'post_featured:b', 'post_title:s', 'post_text:s', 'post_scheduled:t', 'post_created:t', 'post_updated:t', 'post_deleted:t:n']);
|
||||
$tmpFiles[] = db_to_zip($archive, $userInfo, 'oauth2_access', ['acc_id:s', 'app_id:s', 'user_id:s:n', 'acc_token:n', 'acc_scope:s', 'acc_created:t', 'acc_expires:t']);
|
||||
$tmpFiles[] = db_to_zip($archive, $userInfo, 'oauth2_authorise', ['auth_id:s', 'app_id:s', 'user_id:s', 'uri_id:s', 'auth_challenge_code:n', 'auth_challenge_method:s', 'auth_scope:s', 'auth_code:n', 'auth_created:t', 'auth_expires:t']);
|
||||
$tmpFiles[] = db_to_zip($archive, $userInfo, 'oauth2_device', ['dev_id:s', 'app_id:s', 'user_id:s:n', 'dev_code:n', 'dev_user_code:n', 'dev_interval:i', 'dev_polled:t', 'dev_scope:s', 'dev_approval:s', 'dev_created:t', 'dev_expires:t']);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue